1.先从接口获取微信用户的openid,session_key,注意,需要在wx.login之后
2.再经过小程序用户授权后,获得加密的encryptedData和iv,加上第一步获取的session_key,掉java接口进行解密手机号等信息
工具类代码:
import java.security.AlgorithmParameters;
import java.security.Key;
import java.security.Security;
import java.util.HashMap;
import java.util.Map;
import javax.crypto.Cipher;
import javax.crypto.KeyGenerator;
import javax.crypto.spec.IvParameterSpec;
import javax.crypto.spec.SecretKeySpec;
import com.alibaba.fastjson.JSONObject;
@Component
public class WXUserUtils{
public static final String AES = "AES";
public static final String AES_CBC_PADDING = "AES/CBC/PKCS7Padding";
/**
* 获取 微信小程序用户 openId
* @param code
* @return
*/
public static JSONObject getWxxcxOpenId(String code) {
Map<String, String> params=new HashMap<>();
params.put("appid", "");
params.put("secret","");
params.put("js_code", code);
params.put("grant_type","authorization_code");
String result=HttpUtil.URLGet("https://api.weixin.qq.com/sns/jscode2session", params);
return JSONObject.parseObject(result);
}
/**
* * 微信 数据解密<br/>
* * 对称解密使用的算法为 AES-128-CBC,数据采用PKCS#7填充<br/>
* * 对称解密的目标密文:encrypted=Base64_Decode(encryptData)<br/>
* * 对称解密秘钥:key = Base64_Decode(session_key),aeskey是16字节<br/>
* * 对称解密算法初始向量:iv = Base64_Decode(iv),同样是16字节<br/>
* *
* * @param encrypted 目标密文
* * @param session_key 会话ID
* * @param iv 加密算法的初始向量
*
*/
public static String wxDecrypt(String encrypted, String session_key, String iv) {
String result = null;
byte[] encrypted64 = org.apache.commons.codec.binary.Base64.decodeBase64(encrypted);
byte[] key64 = org.apache.commons.codec.binary.Base64.decodeBase64(session_key);
byte[] iv64 = org.apache.commons.codec.binary.Base64.decodeBase64(iv);
try {
init();
result = new String(decrypt(encrypted64, key64, generateIV(iv64)));
} catch (Exception e) {
e.printStackTrace();
}
return result;
}
/**
* * 初始化密钥
*
*/
public static void init() throws Exception {
Security.addProvider(new org.bouncycastle.jce.provider.BouncyCastleProvider());
KeyGenerator.getInstance(AES).init(128);
}
/**
* * 生成iv
*
*/
public static AlgorithmParameters generateIV(byte[] iv) throws Exception {
// iv 为一个 16 字节的数组,这里采用和 iOS 端一样的构造方法,数据全为0
// Arrays.fill(iv, (byte) 0x00);
AlgorithmParameters params = AlgorithmParameters.getInstance(AES);
params.init(new IvParameterSpec(iv));
return params;
}
/**
* * 生成解密
*
*/
public static byte[] decrypt(byte[] encryptedData, byte[] keyBytes, AlgorithmParameters iv)
throws Exception {
Key key = new SecretKeySpec(keyBytes, AES);
Cipher cipher = Cipher.getInstance(AES_CBC_PADDING);
// 设置为解密模式
cipher.init(Cipher.DECRYPT_MODE, key, iv);
return cipher.doFinal(encryptedData);
}
}
接口代码
@ApiOperation(value = "获取微信openid,sessionkey等信息", response = Result.class)
@ApiImplicitParams({
@ApiImplicitParam(name = "code", value = "授权码", required = true, paramType = "query"),
})
@GetMapping("getWxOpenidInfo")
public Object getWxOpenidInfo(@RequestParam String code) {
if (StringUtil.isEmpty(code)) {
return null;
}
JSONObject jsonObject = WXUserUtils.getWxxcxOpenId(code);
return Result.success(jsonObject);
}
@ApiOperation(value = "手机号解密", notes = "权限获取用户手机号-phoneNumber")
@ApiImplicitParams({
@ApiImplicitParam(name = "encryptedData", value = "加密信息-用户授权获取", required = true, paramType = "query"),
@ApiImplicitParam(name = "session_key", value = "通过getWxOpenidInfo接口获取", required = true, paramType = "query"),
@ApiImplicitParam(name = "iv", value = "偏移量-用户授权获取", required = true, paramType = "query"),
@ApiImplicitParam(name = "code", value = "微信code码", required = true, paramType = "query"),
})
@GetMapping("/auth/phone")
public Object authPhone(String encryptedData, String session_key, String iv) {
try {
String result = WXUserUtils.wxDecrypt(encryptedData, session_key, iv);
JSONObject json = JSONObject.parseObject(result);
if (json.containsKey("phoneNumber")) {
String phone = json.getString("phoneNumber");
if (StringUtils.isNoneBlank(phone)) {
return Result.success(json);
} else {
return Result.error("微信用户未绑定手机号");
}
} else {
return Result.error("获取失败");
}
} catch (Exception e) {
return Result.error("获取失败");
}
}